VMSA-2021-0028.10
9.0-10.0
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

Apache Log4j’de CVE-2021-44228 ve CVE-2021-45046 tarafından tanımlanan kritik güvenlik açıkları, VMware ürünlerini etkileyen genel olarak açıklanmıştır.

Etkilenen Ürünler
  • VMware Horizon
  • VMware vCenter Server
  • VMware HCX
  • VMware NSX-T Data Center
  • VMware Unified Access Gateway
  • VMware WorkspaceOne Access
  • VMware Identity Manager
  • VMware vRealize Operations
  • VMware vRealize Operations Cloud (Cloud Proxy)
  • VMware vRealize Automation
  • VMware vRealize Lifecycle Manager
  • VMware Site Recovery Manager, vSphere Replication
  • VMware Carbon Black Cloud Workload Appliance
  • VMware Carbon Black EDR Server
  • VMware Tanzu GemFire
  • VMware Tanzu GemFire for VMs
  • VMware Tanzu Greenplum Platform Extension Framework
  • VMware Greenplum Text
  • VMware Tanzu Operations Manager
  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Kubernetes Grid Integrated Edition
  • VMware Tanzu Observability by Wavefront Nozzle
  • Healthwatch for Tanzu Application Service
  • Spring Cloud Services for VMware Tanzu
  • Spring Cloud Gateway for VMware Tanzu
  • Spring Cloud Gateway for Kubernetes
  • API Portal for VMware Tanzu
  • Single Sign-On for VMware Tanzu Application Service
  • App Metrics
  • VMware vCenter Cloud Gateway
  • VMware vRealize Orchestrator
  • VMware Cloud Foundation
  • VMware Workspace ONE Access Connector
  • VMware Horizon DaaS
  • VMware Horizon Cloud Connector
  • VMware NSX Data Center for vSphere
  • VMware AppDefense Appliance
  • VMware Cloud Director Object Storage Extension
  • VMware Telco Cloud Operations
  • VMware vRealize Log Insight
  • VMware Tanzu Scheduler
  • VMware Smart Assurance NCM
  • VMware Smart Assurance SAM [Service Assurance Manager]
  • VMware Integrated OpenStack
  • VMware vRealize Business for Cloud
  • VMware vRealize Network Insight
  • VMware Cloud Provider Lifecycle Manager
  • VMware SD-WAN VCO
  • VMware NSX Intelligence
  • VMware Horizon Agents Installer
  • VMware Tanzu Observability Proxy
  • VMware Smart Assurance M&R
  • VMware Harbor Container Registry for TKGI
  • VMware vRealize Operations Tenant App for VMware Cloud Director

**************************************************************************************************************************************************************************************

VMSA-2022-0001.1
7.7
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
VMware Workstation, Fusion ve ESXi’deki  güvenlik açığı VMware’e özel olarak bildirildi. Etkilenen VMware ürünlerinde bu güvenlik açığını gidermek için güncellemeler mevcuttur.
Etkilenen Ürünler
  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion
  • VMware Cloud Foundation